License

BSD-3-Clause

Changelog

* Thu Feb 22 2018 fvogt@suse.com
- Use %license (boo#1082318)
* Wed Nov 01 2017 kstreitova@suse.com
- add pcre-8.41-stack_frame_size_detection.patch to fix pcre stack
frame size detection because modern compilers broke it by cloning
and inlining pcre match() function [bsc#1058722]
* Tue Sep 12 2017 matz@suse.com
- RunTest needs much stack, on s390x more than the default
8 MB. [bnc#1046102]
* Tue Jul 25 2017 astieger@suse.com
- pcre 8.41:
* If pcregrep in multiline mode with --only-matching matched
several lines, it restarted scanning at the next line instead
of moving on to the end of the matched string, which can be
several lines after the start.
* Fix a missing else in the JIT compiler reported by 'idaifish'.
CVE-2017-6004 bsc#1025709
* A (?# style comment is now ignored between a basic quantifier
and a following '+' or '?' (example: /X+(?#comment)?Y/.
* Avoid use of a potentially overflowing buffer in pcregrep
* Fix issues reported by fuzzers in pcretest:
- Check for values < 256 when calling isprint() in pcretest.
- Give an error for too big a number after \O.
* In the 32-bit library in non-UTF mode, an attempt to find a
Unicode property for a character with a code point greater than
0x10ffff (the Unicode maximum) caused a crash.
CVE-2017-7186 bsc#1030066, CVE-2017-7244 bsc#1030807
* The alternative matching function, pcre_dfa_exec() misbehaved
if it encountered a character class with a possessive repeat,
for example [a-f]{3}+.
* When pcretest called pcre_copy_substring() in 32-bit mode, it
set the buffer length incorrectly, which could result in buffer
overflow. CVE-2017-7245 bsc#1030805, CVE-2017-7246 bsc#1030803
* Fri Jun 02 2017 mpluskal@suse.com
- Enable jit on aarch64
- Enable profiled building
* Thu Feb 09 2017 astieger@suse.com
- pcre 8.40:
* Using -o with -M in pcregrep could cause unnecessary repeated
output when the match extended over a line boundary.
* Fix register overwite in JIT when SSE2 acceleration is enabled.
* Ignore "show all captures" (/=) for DFA matching.
* Fix JIT unaligned accesses on x86
* In any wide-character mode (8-bit UTF or any 16-bit or 32-bit
mode), without PCRE_UCP set, a negative character type such as
\D in a positive class should cause all characters greater than
255 to match, whatever else is in the class. There was a bug
that caused this not to happen if a Unicode property item was
added to such a class, for example [\D\P{Nd}] or [\W\pL].
* When pcretest was outputing information from a callout, the
caret indicator for the current position in the subject line
was incorrect if it was after an escape sequence for a
character whose code point was greater than \x{ff}.
* A pattern such as (?<RA>abc)(?(R)xyz) was incorrectly compiled
such that the conditional was interpreted as a reference to
capturing group 1 instead of a test for recursion. Any group
whose name began with R was misinterpreted in this way. (The
reference interpretation should only happen if the group's name
is precisely "R".)
* A number of bugs have been mended relating to match start-up
optimizations when the first thing in a pattern is a positive
lookahead. These all applied only when PCRE_NO_START_OPTIMIZE
was *not* set:
+ A pattern such as (?=.*X)X$ was incorrectly optimized as if
it needed both an initial 'X' and a following 'X'.
+ Some patterns starting with an assertion that started with
.* were incorrectly optimized as having to match at the start
of the subject or after a newline. There are cases where this
is not true, for example, (?=.*[A-Z])(?=.{8,16})(?!.*[\s])
matches after the start in lines that start with spaces.
Starting .* in an assertion is no longer taken as an
indication of matching at the start (or after a newline).
* Tue Feb 07 2017 dimstar@opensuse.org
- Explicitly package %{_docdir}/%{name} to fix build with RPM 4.13.
* Mon Aug 01 2016 astieger@suse.com
- record minor vulnerabilities fixed in 8.39
* Wed Jun 15 2016 mpluskal@suse.com
- Update to version 8.39:
* Some appropriate PCRE2 JIT improvements have been retro-fitted
to PCRE1.
* CVE-2016-3191: workspace overflow for (*ACCEPT) with deeply
nested parentheses (boo#971741)
* CVE-2016-1283: Heap buffer overflow DoS (boo#960837)
* Apart from that, this is another bug-fix release.
* Thu Nov 26 2015 astieger@suse.com
- pcre 8.38:
* CVE-2015-3217: Call Stack Overflow Vulnerability in match()
bsc#933878
* Other fixes to assertions, crashes, buffer overflows and
performance issues found by fuzzer, affecting applications
accepting regular expression from untrusted sources
* Thu Apr 30 2015 astieger@suse.com
- pcre 8.37:
* CVE-2015-2325: Patterns with certain groups specifying a zero
minimum quantifier caused incorrect code to be compiled,
leading to an incorrect memory read. [boo#924960]
* CVE-2015-2326: Specific patterns containing a forward reference
with subroutine calls caused incorrect code to be compiled
[boo#924961]
* CVE-2014-8964: If an assertion condition was quantified with a
minimum of zero, SIGSEGV or other misbehaviour could occur.
[boo#906574]
* further bug fixes as listed in ChangeLog
* Mon Mar 09 2015 p.drouand@gmail.com
- Update to version 3.16
* This is primarily a bug-fix release.
* The Unicode data tables have been updated to Unicode 7.0.0.
- Remove pcre-commit1472.patch; fixed on upstream release
- Remove obsolete "Obsoletes" tag